Need help with "Paas Virus" on Windows 10

Masochists rejoice!
User avatar
CalmCreeper360
Posts: 203
Joined: 22 Apr 2021, 07:06
OS: Windows 7 x64
Has thanked: 41 times
Been thanked: 47 times
Russia

Need help with "Paas Virus" on Windows 10

Unread post by CalmCreeper360 »

As the title sais a friend of mine has caught the Paas virus on his Windows 10 machine.
He has reinstalled Windows and thus effectively removing the Virus, however his files remained encrypted.
He tried the "STOP Djvu" file decrypter but it didnt work.
It just gave an error saying that the version of the virus he has uses an online key and thus his files are impossible to be decrypted by the software.

Is there still a way tho to decrypt his files?
Any kind of help is much appreciated.

Thank you and have a nice day
Друштвени партнер компаније Застава Аутомобили, Крагујевац

User avatar
docR
Posts: 51
Joined: 13 Mar 2021, 04:57
Has thanked: 69 times
Been thanked: 24 times
United States of America

Need help with "Paas Virus" on Windows 10

Unread post by docR »

Ouch. I'm terribly sorry to hear your friend had this experience. Few things in this world are scarier than ransomware.

Unfortunately, in your friend's case, this is to be expected. While the virus responsible for encrypting his files may be gone after a clean install, that won't change the state of the encrypted files.

Suppose you rename each of your files with some random file extension. Let's say _old. You say to yourself, okay. I think I'd rather change it back. You reinstall Windows and.... Well, nothing will change the state of those files. Why would your boot OS have anything to do with them? The ransomware has done its dirty deed. There's a reason these ransomware ops are so profitable. They're quite literally holding your data at ransom.

Now. You mentioned that he attempted decrypting his files using STOP Djvu. The ransomware in question is in fact Djvu? If so, the publisher's of this decrypter do state there are sone limitations on what can be decrypted https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Here's hoping most of your friend's data wasn't too important and simoly be re-downloaded (without re-downloading the ransomware payload)

Be safe
Precision 5810 - Xeon E5-1650 v3 | 16 GB | EVGA 970 | 840 Pro | 2 TB HGST | | 4 TB X300 | Vista-tweaked W7
Latitude e7250 - i7 5600U | HD 5500 | 16 GB | 250 GB mSATA | 1 TB My Passport | Vista-tweaked W7
Image

User avatar
CalmCreeper360
Posts: 203
Joined: 22 Apr 2021, 07:06
OS: Windows 7 x64
Has thanked: 41 times
Been thanked: 47 times
Russia

Need help with "Paas Virus" on Windows 10

Unread post by CalmCreeper360 »

docR wrote: 03 Jun 2021, 14:24 Ouch. I'm terribly sorry to hear your friend had this experience. Few things in this world are scarier than ransomware.

Unfortunately, in your friend's case, this is to be expected. While the virus responsible for encrypting his files may be gone after a clean install, that won't change the state of the encrypted files.

Suppose you rename each of your files with some random file extension. Let's say _old. You say to yourself, okay. I think I'd rather change it back. You reinstall Windows and.... Well, nothing will change the state of those files. Why would your boot OS have anything to do with them? The ransomware has done its dirty deed. There's a reason these ransomware ops are so profitable. They're quite literally holding your data at ransom.

Now. You mentioned that he attempted decrypting his files using STOP Djvu. The ransomware in question is in fact Djvu? If so, the publisher's of this decrypter do state there are sone limitations on what can be decrypted https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Here's hoping most of your friend's data wasn't too important and simoly be re-downloaded (without re-downloading the ransomware payload)

Be safe
Ouch!
Thats terrible!
Well, i will need to tell him now that all of his files are lost.
Maybe he will be more careful next time.
Also the reason why i recommended him STOP Djvu is because apparently Paas descends from the Djvu family so i though it might be worth a try.
Друштвени партнер компаније Застава Аутомобили, Крагујевац

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests